NIMC’s Licensees Undergo More Scrutiny for Alleged Data Breach

It would no longer be business as usual with licensees of National Identity Management Commission (NIMC) expected to provide verification services as the Nigeria Data Protection Commission (NDPC) promised a close scrutiny of their operations.

NDPC’s decision was to forestall any form of data breach from third party agents unaware of the provisions of Nigeria Data Protection Act 2023 and NIMC Privacy policy regarding citizens data.

NIMC and NDPC have recently expressed concerns over the incident of unauthorised National Identity Numbers (NIN) verification by expressverify.com and launched investigations to unreveal the truth.

It was gathered that a third-party who, among others, was originally authorised to provide verification services to citizens and genuine businesses might have allowed expressverify.com to use its NIN verification credentials to conduct verification.

However, the Nigeria Data Protection Commission said at the weekend: “The circumstances surrounding this permission is still under investigation”.

A statement signed by the Head of Legal Enforcement and Regulations of the NDPC, Barrister Babatunde Bamigboye noted that no stone would be left unturned to ensure compliance with data protection and privacy of citizens by all regulatory authorities and stakeholders.

Bamigboye said: “To remedy this incident, National Identity Management Commission (NIMC), in line with established remediation protocols, barred all forms of access to its database.

”Though necessary, barring all forms of access affected all genuine and crucial verification requests.

“After a painstaking review, limited access has been granted to few establishments that are providing pivotal public services such as education and security.

“On-going investigation – by relevant agencies – seeks to establish the medium through which expressverify.com obtained the credentials of bona fide third parties and to determine the liability of persons involved in line with extant laws.”

At the moment, data processing by licensees generally are to be scrutinised and only those that are cleared based on credible evidence of regulatory compliance will be permitted to carry out NIN verification going forward, Bamigboye asserted.

According to him series of intensive training would be conducted in order to ensure that personnel and licensees were abreast of the duty of care and the standard of care mandated by the Nigeria Data Protection Act, NIMC’s Privacy Policy and other relevant regulatory protocols.

He called on Nigerians to see NIN as an essential data for sustainable development.

“While existing technical and organizational measures are being strengthened to ensure the protection of this data, it is important for citizens to ensure that they are not left unidentified in various frameworks for development.

“It is equally important to be vigilant when sharing personal information on various online platforms,” Bamigboye stated.